General requirements

when relying on a third party for
the performance of operational functions which are critical for the performance
of regulated activities, listed activities or ancillary
services (in this chapter "relevant services and activities")
on a continuous and satisfactory basis, ensure that it takes reasonable steps
to avoid undue additional operational risk; and7

(2)

not undertake the outsourcing of important operational functions
in such a way as to impair materially:

SYSC 4.1.1 R requires
a firm to have effective processes to
identify, manage, monitor and report risks and internal control mechanisms.
Except in relation to those functions described in SYSC 8.1.5R and (for a common platform firm in article 30(2) of the MiFID Org Regulation)7, where a firm relies on a third party for the performance
of operational functions which are not critical or important for the performance
of relevant services and activities (see SYSC 8.1.1 R (1)) on a continuous
and satisfactory basis, it should take into account, in a manner that is proportionate
given the nature, scale and complexity of the outsourcing,
the rules in this section in
complying with that requirement.

For the
purposes of this chapter an operational function is regarded as critical or
important if a defect or failure in its performance would materially impair
the continuing compliance of a firm (other than a common platform firm)7 with the conditions and obligations of its authorisation or its other obligations under
the regulatory system, or its
financial performance, or the soundness or the continuity of its relevant
services and activities.

For a UCITS investment firm and without7 prejudice to the status of any other function, the following functions will
not be considered as critical or important for the purposes of this chapter:

(1)

the provision to the firm of advisory services, and other services
which do not form part of the relevant services and activities of the firm, including the provision of legal advice
to the firm, the training of
personnel of the firm, billing
services and the security of the firm's premises
and personnel;

(2)

the purchase of standardised services,
including market information services and the provision of price feeds;3

If a firm (other than a common platform firm)7 outsources critical
or important operational functions or any relevant services and activities,
it remains fully responsible for discharging all of its obligations under
the regulatory system and must
comply, in particular, with the following conditions:

A UCITS investment firm7 must exercise due skill
and care and diligence when entering into, managing or terminating any arrangement
for the outsourcing to a service
provider of critical or important operational functions or of any relevant
services and activities.

A UCITS investment firm7 must in particular
take the necessary steps to ensure that the following conditions are satisfied:

(1)

the service provider must have
the ability, capacity, and any authorisation required
by law to perform the outsourced functions,
services or activities reliably and professionally;

(2)

the service provider must carry
out the outsourced services
effectively, and to this end the firm must
establish methods for assessing the standard of performance of the service
provider;

(3)

the service provider must properly
supervise the carrying out of the outsourced functions,
and adequately manage the risks associated with the outsourcing;

(4)

appropriate action must be taken
if it appears that the service provider may not be carrying out the functions
effectively and in compliance with applicable laws and regulatory requirements;

(5)

the firm must
retain the necessary expertise to supervise the outsourced functions
effectively and to4 manage the risks associated with the outsourcing,4 and must supervise those functions and manage those risks;

the service provider must disclose
to the firm any development
that may have a material impact on its ability to carry out the outsourced functions effectively and in compliance
with applicable laws and regulatory requirements;

(7)

the firm must
be able to terminate the arrangement for the outsourcing where
necessary without detriment to the continuity and quality of its provision
of services to clients;

the firm,
its auditors, the FCA7 and
any other relevant competent authority must
have effective access to data related to the outsourced activities,
as well as to the business premises of the service provider; and the FCA7 and any other relevant competent authority must be able to exercise
those rights of access;

(10)

the service provider must protect
any confidential information relating to the firm and
its clients;

(11)

the firm and
the service provider must establish, implement and maintain a contingency
plan for disaster recovery and periodic testing of backup facilities where
that is necessary having regard to the function, service or activity that
has been outsourced.

As SUP
15.3.8 G explains,
a firm should notify the FCA7 when
it intends to rely on a third party for the performance of operational functions
which are critical or important for the performance of relevant services and
activities on a continuous and satisfactory basis.

Additional requirements
for a management company

6A management company must retain the necessary
resources and expertise so as to monitor effectively the activities carried
out by third parties on the basis of an arrangement with the firm, especially with regard to the management
of the risk associated with those arrangements.